Skip to main content
Finpliq
Start free
← Policy library

Security

Logging & Monitoring Policy

How Finpliq records important activity without exposing sensitive data.

Owner
Security & Operations
Effective from
8 July 2026
Last reviewed
8 July 2026
Review cycle
Annual or following material change

At a glance

Finpliq logs security, authentication, admin and filing events for accountability.

Logs must not include passwords, MFA secrets, recovery codes, raw HMRC secrets or payment card data.

Full policy

Audit logs should cover login-sensitive events, admin role changes, MFA events, filing actions, approvals, high-risk exports, business switching and security incidents where implemented.

Monitoring should help identify failed logins, repeated MFA failures, unusual admin activity, filing errors, service failures and supplier outages.

Log access must be restricted to authorised administrators and support/security personnel.